Delay-Bounded Scheduling Without Delay!

Author(s):  
Andrew Johnson ◽  
Thomas Wahl

We consider the broad problem of analyzing safety properties of asynchronous concurrent programs under arbitrary thread interleavings. Delay-bounded deterministic scheduling, introduced in prior work, is an efficient bug-finding technique to curb the large cost associated with full scheduling nondeterminism. In this paper we first present a technique to lift the delay bound for the case of finite-domain variable programs, thus adding to the efficiency of bug detection the ability to prove safety of programs under arbitrary thread interleavings. Second, we demonstrate how, combined with predicate abstraction, our technique can both refute and verify safety properties of programs with unbounded variable domains, even for unbounded thread counts. Previous work has established that, for non-trivial concurrency routines, predicate abstraction induces a highly complex abstract program semantics. Our technique, however, never statically constructs an abstract parametric program; it only requires some set of abstract states to be closed under certain actions, thus eliminating the dependence on the existence of verification algorithms for abstract programs. We demonstrate the efficiency of our technique on many examples used in prior work, and showcase its simplicity compared to earlier approaches on the unbounded-thread Ticket Lock protocol.
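To make the two halves of the abstract concrete (bug finding under a delay bound, then lifting the bound for a finite-domain program), here is an added example written for this page; it is not code from the paper. It assumes a simplified delay-bounded scheduler (round-robin; the running thread continues until it blocks on an await or finishes, and a delay is a preemption that costs one unit of the budget), threads that execute one atomic step at a time, and a fixed-point argument of the editor's own for lifting the bound: because configurations (including the scheduler position) form a finite set and Reach(d) is monotone in d, Reach(d) == Reach(d+1) means the set has saturated under arbitrary interleavings. That is a simpler check than the closure condition the paper uses, and the programs (a racy counter beside its atomic fix, a two-client ticket lock with tickets modulo 4 beside a deliberately broken variant whose ticket take is split into a read and a write) are constructed for this example; the broken variant is not from the paper.

```python
"""Delay-bounded exploration of finite-state threads, plus a fixed-point check
that lifts the bound. Added example; scheduler and programs are assumptions."""
from collections import deque
from typing import Callable, FrozenSet, Optional, Tuple

Shared = Tuple[int, ...]                      # global variables, by position
Locals = Tuple[int, ...]                      # one thread's registers
# A step maps (shared, locals) to new (shared, locals); None means "cannot fire
# yet" (an await whose condition is false), which blocks the thread.
Step = Callable[[Shared, Locals], Optional[Tuple[Shared, Locals]]]
Thread = Tuple[Step, ...]
# Configuration = shared state, per-thread (pc, locals), and the index of the
# thread the deterministic scheduler is currently running. The scheduler
# position is part of the configuration on purpose: the fixed point needs it.
Config = Tuple[Shared, Tuple[Tuple[int, Locals], ...], int]


def explore(shared0, threads, locals0, delay_bound, loop=False) -> FrozenSet[Config]:
    """Configurations reachable with at most `delay_bound` delays.

    Assumed scheduler (a simplification of delay-bounded scheduling):
    round-robin; the running thread continues until it blocks or finishes,
    after which the scheduler moves on for free. A *delay* preempts a runnable
    thread before its next step and costs one unit of the budget.
    With loop=True a thread restarts at pc 0 when it reaches its end.
    """
    n = len(threads)
    init = (shared0, tuple((0, l) for l in locals0), 0)
    seen, work, reached = {(init, 0)}, deque([(init, 0)]), {init}
    while work:
        (shared, ts, cur), used = work.popleft()
        pc, loc = ts[cur]
        thread = threads[cur]
        fired = thread[pc](shared, loc) if pc < len(thread) else None
        succs = []
        if fired is None:                       # blocked or finished: free move
            succs.append(((shared, ts, (cur + 1) % n), used))
        else:
            s2, l2 = fired
            npc = pc + 1
            if loop and npc == len(thread):
                npc = 0
            ts2 = ts[:cur] + ((npc, l2),) + ts[cur + 1:]
            succs.append(((s2, ts2, cur), used))
            if used < delay_bound:              # the delay: preempt before the step
                succs.append(((shared, ts, (cur + 1) % n), used + 1))
        for item in succs:
            if item not in seen:
                seen.add(item)
                reached.add(item[0])
                work.append(item)
    return frozenset(reached)


def verify(shared0, threads, locals0, safe, loop=False, max_delays=32):
    """Bug finding for increasing delay bounds, then lifting the bound.

    Reach(d) is monotone in d and lives in a finite configuration space. If
    Reach(d) == Reach(d+1), a run with d+2 delays is, just before its last
    delay, at a configuration in Reach(d+1) == Reach(d); replace that prefix
    by one with at most d delays and the whole run uses at most d+1. So
    Reach(d+1) is exactly what arbitrary interleavings can reach, and a safe
    Reach(d+1) is a proof. (Editor's argument, not the paper's closure check.)
    Returns ("unsafe", d, bad_config), ("safe", d, None) or ("unknown", d, None).
    """
    prev = None
    for d in range(max_delays + 1):
        reach = explore(shared0, threads, locals0, d, loop)
        bad = sorted(c for c in reach if not safe(c))
        if bad:
            return "unsafe", d, bad[0]
        if reach == prev:
            return "safe", d, None
        prev = reach
    return "unknown", max_delays, None


# --- sample programs, constructed for this example ---------------------------

def counter(atomic):
    """Two threads each add 1 to x. Non-atomic version: t = x; x = t + 1."""
    if atomic:
        thread = (lambda s, l: ((s[0] + 1,), l),)
    else:
        thread = (lambda s, l: (s, (s[0],)),            # t = x
                  lambda s, l: ((l[0] + 1,), l))        # x = t + 1
    n = len(thread)
    done_means_two = lambda c: any(pc < n for pc, _ in c[1]) or c[0][0] == 2
    return verify((0,), (thread, thread), ((0,), (0,)), done_means_two)


def ticket_lock(atomic_take, modulus=4):
    """Two clients looping on a ticket lock, tickets in Z/modulus (finite domain).
    shared = (next, serving, in_cs); locals = (my,)."""
    if atomic_take:
        take = (lambda s, l: (((s[0] + 1) % modulus, s[1], s[2]), (s[0],)),)
    else:                                   # broken: read and write of `next` split
        take = (lambda s, l: (s, (s[0],)),
                lambda s, l: (((l[0] + 1) % modulus, s[1], s[2]), l))
    body = (lambda s, l: (s, l) if s[1] == l[0] else None,              # await serving == my
            lambda s, l: ((s[0], s[1], s[2] + 1), l),                   # enter critical section
            lambda s, l: ((s[0], (s[1] + 1) % modulus, s[2] - 1), l))   # leave; serving += 1
    mutual_exclusion = lambda c: c[0][2] <= 1
    thread = take + body
    return verify((0, 0, 0), (thread, thread), ((0,), (0,)), mutual_exclusion, loop=True)


if __name__ == "__main__":
    for name, result in [("non-atomic counter", counter(False)),
                         ("atomic counter", counter(True)),
                         ("ticket lock, split take", ticket_lock(False)),
                         ("ticket lock", ticket_lock(True))]:
        print(f"{name}: {result[0]} at delay bound {result[1]}")
```

The racy counter needs exactly one delay (preempt between the read and the write) to reach a final state with x == 1, and the split-take lock needs two (one inside the take, one while the other client is in its critical section) before both clients hold the same ticket; the atomic versions never reach a bad configuration and the exploration saturates after a few bounds, which is what "lifting the delay bound" buys for a finite-domain program.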

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-30
Author(s):  
Tyler Sorensen ◽  
Lucas F. Salvador ◽  
Harmit Raval ◽  
Hugues Evrard ◽  
John Wickerson ◽  
...  

As GPU availability has increased and programming support has matured, a wider variety of applications are being ported to these platforms. Many parallel applications contain fine-grained synchronization idioms; as such, their correct execution depends on a degree of relative forward progress between threads (or thread groups). Unfortunately, many GPU programming specifications (e.g. Vulkan and Metal) say almost nothing about relative forward progress guarantees between workgroups. Although prior work has proposed a spectrum of plausible progress models for GPUs, cross-vendor specifications have yet to commit to any model. This work is a collection of tools and experimental data to aid specification designers when considering forward progress guarantees in programming frameworks. As a foundation, we formalize a small parallel programming language that captures the essence of fine-grained synchronization. We then provide a means of formally specifying a progress model, and develop a termination oracle that decides whether a given program is guaranteed to eventually terminate with respect to a given progress model. Next, we formalize a set of constraints that describe concurrent programs that require forward progress to terminate. This allows us to synthesize a large set of 483 progress litmus tests. Combined with the termination oracle, we can determine the expected status of each litmus test -- i.e. whether it is guaranteed to eventually terminate -- under various progress models. We present a large experimental campaign running the litmus tests across 8 GPUs from 5 different vendors. Our results highlight that GPUs have significantly different termination behaviors under our test suite. Most notably, we find that Apple and ARM GPUs do not support the linear occupancy-bound model, as was hypothesized by prior work.


Author(s):  
Daniel Fišer ◽  
Daniel Gnad ◽  
Michael Katz ◽  
Jörg Hoffmann

Classical planning tasks are commonly described in PDDL, while most planning systems operate on a grounded finite-domain representation (FDR). The translation of PDDL into FDR is complex and has a lot of choice points---it involves identifying so-called mutex groups---but most systems rely on the translator that comes with Fast Downward. Yet the translation choice points can strongly impact performance. Prior work has considered optimizing FDR encodings in terms of the number of variables produced. Here we go one step further by proposing to custom-design FDR encodings, optimizing the encoding to suit particular planning techniques. We develop such a custom design here for red-black planning, a partial delete relaxation technique. The FDR encoding affects the causal graph and the domain transition graph structures, which govern the tractable fragment of red-black planning and hence affect the respective heuristic function. We develop integer linear programming techniques optimizing the scope of that fragment in the resulting FDR encoding. We empirically show that the performance of red-black planning can be improved through such FDR custom design.


2007 ◽  
Vol 18 (01) ◽  
pp. 5-44 ◽  
Author(s):  
ITTAI BALABAN ◽  
AMIR PNUELI ◽  
LENORE D. ZUCK

Predicate abstraction has become one of the most successful methodologies for proving safety properties of programs. Recently, several abstraction methodologies have been proposed for proving liveness properties. This paper studies "ranking abstraction", where a program is augmented by a non-constraining progress monitor based on a set of ranking functions, and further abstracted by predicate abstraction, to allow for automatic verification of progress properties. Unlike many liveness methodologies, the augmentation does not require a complete ranking function that is expected to decrease with each helpful step. Rather, adequate user-provided inputs are component rankings from which a complete ranking function may be automatically formed. The premise of the paper is an analogy between the methods of ranking abstraction and predicate abstraction, one ingredient of which is refinement: when predicate abstraction fails, one can refine it. When ranking abstraction fails, one must determine whether the predicate abstraction or the ranking abstraction needs to be refined. The paper presents strategies for determining which case is at hand, and methods for performing the appropriate refinements. The other part of the analogy is that of automatically deriving deductive proof constructs: predicate abstraction is often used to derive program invariants for proving safety properties as a boolean combination of the given predicates. Deductive proof of progress properties requires well-founded ranking functions in addition to invariants. We show how the constructs necessary for a deductive proof of an arbitrary LTL formula can be automatically extracted from a successful application of the ranking abstraction method.


Author(s):  
Hernán Ponce-de-León ◽  
Florian Furbach ◽  
Keijo Heljanko ◽  
Roland Meyer

Dartagnan is a bounded model checker for concurrent programs under weak memory models. What makes it different from other tools is that the memory model is not hard-coded inside Dartagnan but taken as part of the input. For SV-COMP'20, we take as input sequential consistency (i.e. the standard interleaving memory model) extended by support for atomic blocks. Our point is to demonstrate that a universal tool can be competitive and perform well in SV-COMP. Being a bounded model checker, Dartagnan's focus is on disproving safety properties by finding counterexample executions. For programs with bounded loops, Dartagnan performs an iterative unwinding that results in a complete analysis. The SV-COMP'20 version of Dartagnan works on Boogie code. The C programs of the competition are translated internally to Boogie using SMACK.


2018 ◽  
Vol 7 (3.4) ◽  
pp. 6
Author(s):  
Bidush Kumar Sahoo ◽  
Mitrabinda Ray

In concurrent programs, bug detection is a tedious job due to non-determinism and multiple threads of control. Bug detection is done by checking the interleavings of threads, which are not available in the operational phase, so static analysis is one of the preferred approaches for detecting concurrency bugs. Invariant-based testing is one static-analysis approach used for detecting concurrency bugs. In this paper, we discuss an invariant-based testing approach using three steps: (i) the invariants of a given concurrent program are generated using the Daikon tool; (ii) the bad invariants are removed using the static call graph of the source code, where the static call graph is generated by the javacg tool; (iii) the reduced invariant set is obtained by eliminating the bad and redundant invariants and is used for test case generation. Using the reduced invariant set, we generate the test cases that are used to find various concurrency bugs such as deadlock, atomicity violation and bad composition. We conducted an experiment on a well-known concurrent program, the Dining Philosophers problem. The experimental results show that the test cases obtained from the reduced invariant set are able to detect more types and a greater number of concurrency bugs than the existing approach to invariant-based testing.


2013 ◽  
Vol 753-755 ◽  
pp. 2892-2899
Author(s):  
Yu Ying Wang ◽  
Ping Chen

The biggest problem in model checking is state space explosion. Using predicate abstraction, the state space of colored Petri net models is abstracted, and an algorithm is proposed to obtain the abstracted state space of a colored Petri net model without generating its original state space. A method to verify safety properties of Web service composition using the abstracted state space is proposed. The problem of state space explosion is solved to some extent in this way. Finally, an application of the method is illustrated with an example, which shows its efficiency.


Author(s):  
Sumit Padhiyar ◽  
K. C. Sivaramakrishnan

Bug-free concurrent programs are hard to write due to non-determinism arising out of concurrency and program inputs. Since concurrency bugs typically manifest under specific inputs and thread schedules, conventional testing methodologies for concurrent programs like stress testing and random testing, which explore random schedules, have a strong chance of missing buggy schedules. In this paper, we introduce a novel technique that combines property-based testing with a mutation-based grey-box fuzzer, applied to event-driven OCaml programs. We have implemented this technique in , a directed concurrency bug-finding tool for event-driven OCaml programs. Using , programmers specify high-level program properties as assertions in the concurrent program. uses the popular grey-box fuzzer AFL to generate inputs as well as concurrent schedules to maximise the likelihood of finding new schedules and paths in the program so as to make the assertion fail. does not require any modification to the concurrent program, which is free to perform arbitrary I/O operations. Our experimental results show that is easy to use, effective, detects concurrency bugs faster than Node.Fz (a random fuzzer for event-driven JavaScript programs), and is able to reproduce known concurrency bugs in widely used OCaml libraries.

